version: '3.5'

## FOR TEST AND DEVELOPMENT ONLY, DO NOT USE IN PRODUCTION   ##
## Setup: https://docs.photoprism.app/developer-guide/setup/ ##

services:
  ## PhotoPrism Development Environment (MariaDB)
  photoprism:
    build: .
    image: photoprism/photoprism:develop
    depends_on:
      - mariadb
      - dummy-webdav
    security_opt:
      - seccomp:unconfined
      - apparmor:unconfined
    ports:
      - "2342:2342"   # Default HTTP port (host:container)
      - "2443:2443"   # Default TLS port (host:container)
      - "2343:2343"   # Acceptance Test HTTP port (host:container)
      - "40000:40000" # Go Debugger (host:container)
    shm_size: "2gb"
    links:
      - "traefik:localssl.dev"
      - "traefik:app.localssl.dev"
      - "traefik:keycloak.localssl.dev"
      - "traefik:dummy-oidc.localssl.dev"
      - "traefik:dummy-webdav.localssl.dev"
    labels:
      - "traefik.enable=true"
      - "traefik.http.services.photoprism.loadbalancer.server.port=2342"
      - "traefik.http.services.photoprism.loadbalancer.server.scheme=http"
      - "traefik.http.routers.photoprism.entrypoints=websecure"
      - "traefik.http.routers.photoprism.rule=Host(`localssl.dev`, `app.localssl.dev`)"
      - "traefik.http.routers.photoprism.tls.domains[0].main=localssl.dev"
      - "traefik.http.routers.photoprism.tls.domains[0].sans=*.localssl.dev"
      - "traefik.http.routers.photoprism.tls=true"
    environment:
      ## Run as a non-root user after initialization (supported: 0, 33, 50-99, 500-600, and 900-1200):
      PHOTOPRISM_UID: ${UID:-1000}                         # user id, should match your host user id
      PHOTOPRISM_GID: ${GID:-1000}                         # group id
      ## Access Management
      PHOTOPRISM_ADMIN_USER: "admin"                       # superadmin username
      PHOTOPRISM_ADMIN_PASSWORD: "photoprism"              # initial superadmin password (minimum 8 characters)
      PHOTOPRISM_AUTH_MODE: "password"                     # authentication mode (public, password)
      PHOTOPRISM_REGISTER_URI: "https://keycloak.localssl.dev/admin/"
      PHOTOPRISM_PASSWORD_RESET_URI: "https://keycloak.localssl.dev/realms/master/login-actions/reset-credentials"
      ## LDAP Authentication (pre-configured for local tests):
      PHOTOPRISM_LDAP_URI: "ldap://dummy-ldap:389"
      PHOTOPRISM_LDAP_INSECURE: "true"
      PHOTOPRISM_LDAP_BIND: "simple"
      PHOTOPRISM_LDAP_BIND_DN: "cn"
      PHOTOPRISM_LDAP_BASE_DN: "dc=localssl,dc=dev"
      PHOTOPRISM_LDAP_SYNC: "true"
      ## OpenID Connect (pre-configured for local tests):
      PHOTOPRISM_OIDC_URI: "https://keycloak.localssl.dev/auth/realms/master"
      PHOTOPRISM_OIDC_INSECURE: "true"
      PHOTOPRISM_OIDC_CLIENT: "photoprism-develop"
      PHOTOPRISM_OIDC_SECRET: "9d8351a0-ca01-4556-9c37-85eb634869b9"
      ## Site Information
      PHOTOPRISM_SITE_URL: "http://photoprism.me:2342/"    # server URL in the format "http(s)://domain.name(:port)/(path)"
      PHOTOPRISM_SITE_CAPTION: "AI-Powered Photos App"
      PHOTOPRISM_SITE_DESCRIPTION: "Tags and finds pictures without getting in your way!"
      PHOTOPRISM_SITE_AUTHOR: "@photoprism_app"
      PHOTOPRISM_DEBUG: "true"
      PHOTOPRISM_READONLY: "false"
      PHOTOPRISM_EXPERIMENTAL: "true"
      PHOTOPRISM_HTTP_MODE: "debug"
      PHOTOPRISM_HTTP_HOST: "0.0.0.0"
      PHOTOPRISM_HTTP_PORT: 2342
      PHOTOPRISM_HTTP_COMPRESSION: "gzip"                  # improves transfer speed and bandwidth utilization (none or gzip)
      PHOTOPRISM_DATABASE_DRIVER: "mysql"
      PHOTOPRISM_DATABASE_SERVER: "mariadb:4001"
      PHOTOPRISM_DATABASE_NAME: "photoprism"
      PHOTOPRISM_DATABASE_USER: "root"
      PHOTOPRISM_DATABASE_PASSWORD: "photoprism"
      PHOTOPRISM_TEST_DRIVER: "sqlite"
      # PHOTOPRISM_TEST_DSN_MYSQL8: "root:photoprism@tcp(mysql:4001)/photoprism?charset=utf8mb4,utf8&collation=utf8mb4_unicode_ci&parseTime=true"
      PHOTOPRISM_ASSETS_PATH: "/go/src/github.com/photoprism/photoprism/assets"
      PHOTOPRISM_STORAGE_PATH: "/go/src/github.com/photoprism/photoprism/storage"
      PHOTOPRISM_ORIGINALS_PATH: "/go/src/github.com/photoprism/photoprism/storage/originals"
      PHOTOPRISM_IMPORT_PATH: "/go/src/github.com/photoprism/photoprism/storage/import"
      PHOTOPRISM_DISABLE_CHOWN: "false"              # disables updating storage permissions via chmod and chown on startup
      PHOTOPRISM_DISABLE_BACKUPS: "false"            # disables backing up albums and photo metadata to YAML files
      PHOTOPRISM_DISABLE_WEBDAV: "false"             # disables built-in WebDAV server
      PHOTOPRISM_DISABLE_SETTINGS: "false"           # disables settings UI and API
      PHOTOPRISM_DISABLE_PLACES: "false"             # disables reverse geocoding and maps
      PHOTOPRISM_DISABLE_EXIFTOOL: "false"           # disables creating JSON metadata sidecar files with ExifTool
      PHOTOPRISM_DISABLE_TENSORFLOW: "false"         # disables all features depending on TensorFlow
      PHOTOPRISM_DISABLE_RAW: "false"                # disables indexing and conversion of RAW files
      PHOTOPRISM_RAW_PRESETS: "false"                # enables applying user presets when converting RAW files (reduces performance)
      PHOTOPRISM_DETECT_NSFW: "false"                # automatically flags photos as private that MAY be offensive (requires TensorFlow)
      PHOTOPRISM_UPLOAD_NSFW: "false"                # allows uploads that MAY be offensive (no effect without TensorFlow)
      PHOTOPRISM_THUMB_FILTER: "lanczos"             # resample filter, best to worst: blackman, lanczos, cubic, linear
      PHOTOPRISM_THUMB_UNCACHED: "true"              # enables on-demand thumbnail rendering (high memory and cpu usage)
      PHOTOPRISM_THUMB_SIZE: 2048                    # pre-rendered thumbnail size limit (default 2048, min 720, max 7680)
      # PHOTOPRISM_THUMB_SIZE: 4096                  # Retina 4K, DCI 4K (requires more storage); 7680 for 8K Ultra HD
      PHOTOPRISM_THUMB_SIZE_UNCACHED: 7680           # on-demand rendering size limit (default 7680, min 720, max 7680)
      PHOTOPRISM_JPEG_SIZE: 7680                     # size limit for converted image files in pixels (720-30000)
      PHOTOPRISM_JPEG_QUALITY: 85                    # a higher value increases the quality and file size of JPEG images and thumbnails (25-100)
      TF_CPP_MIN_LOG_LEVEL: 0                        # show TensorFlow log messages for development
      ## Run/install on first startup (options: update https gpu tensorflow davfs clitools clean):
      PHOTOPRISM_INIT: "https tensorflow"
      ## Hardware Video Transcoding (optional):
      # PHOTOPRISM_FFMPEG_ENCODER: "nvidia"          # FFmpeg encoder ("software", "intel", "nvidia", "apple", "raspberry", "vaapi") Intel: "intel" for Broadwell or later and "vaapi" for Haswell or earlier
      # PHOTOPRISM_FFMPEG_ENCODER: "intel"           # FFmpeg encoder ("software", "intel", "nvidia", "apple", "raspberry", "vaapi") Intel: "intel" for Broadwell or later and "vaapi" for Haswell or earlier`
      # PHOTOPRISM_FFMPEG_BITRATE: "32"              # FFmpeg encoding bitrate limit in Mbit/s (default: 50)
      # LIBVA_DRIVER_NAME: "i965"                    # For Intel architectures Haswell and older which do not support QSV yet but use VAAPI instead
    ## Share hardware devices with FFmpeg and TensorFlow (optional):
    # devices:
    #  - "/dev/dri:/dev/dri"                         # Intel QSV (Broadwell and later) or VAAPI (Haswell and earlier)
    #  - "/dev/nvidia0:/dev/nvidia0"                 # Nvidia CUDA
    #  - "/dev/nvidiactl:/dev/nvidiactl"
    #  - "/dev/nvidia-modeset:/dev/nvidia-modeset"
    #  - "/dev/nvidia-nvswitchctl:/dev/nvidia-nvswitchctl"
    #  - "/dev/nvidia-uvm:/dev/nvidia-uvm"
    #  - "/dev/nvidia-uvm-tools:/dev/nvidia-uvm-tools"
    #  - "/dev/video11:/dev/video11"                 # Video4Linux Video Encode Device (h264_v4l2m2m)
    working_dir: "/go/src/github.com/photoprism/photoprism"
    volumes:
      - ".:/go/src/github.com/photoprism/photoprism"
      - "go-mod:/go/pkg/mod"

  ## MariaDB Database Server
  ## Docs: https://mariadb.com/docs/reference/
  ## Release Notes: https://mariadb.com/kb/en/changes-improvements-in-mariadb-1010/
  mariadb:
    image: mariadb:10.10
    security_opt: # see https://github.com/MariaDB/mariadb-docker/issues/434#issuecomment-1136151239
      - seccomp:unconfined
      - apparmor:unconfined
    command: mysqld --port=4001 --innodb-strict-mode=1 --innodb-buffer-pool-size=256M --transaction-isolation=READ-COMMITTED --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci --max-connections=512 --innodb-rollback-on-timeout=OFF --innodb-lock-wait-timeout=120
    expose:
      - "4001"
    ports:
      - "4001:4001" # database port (host:container)
    volumes:
      - "./scripts/sql/mariadb-init.sql:/docker-entrypoint-initdb.d/init.sql"
    environment:
      MARIADB_AUTO_UPGRADE: "1"
      MARIADB_INITDB_SKIP_TZINFO: "1"
      MARIADB_DATABASE: "photoprism"
      MARIADB_USER: "photoprism"
      MARIADB_PASSWORD: "photoprism"
      MARIADB_ROOT_PASSWORD: "photoprism"

  ## HTTPS Reverse Proxy (recommended) ##
  ## includes "*.localssl.dev" SSL certificate for test environments
  ## Docs: https://doc.traefik.io/traefik/
  traefik:
    image: photoprism/traefik:latest
    ports:
      - "80:80" # HTTP (redirects to HTTPS)
      - "443:443" # HTTPS (required)
    labels:
      - "traefik.enable=true"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock" # enables Traefik to watch services

  ## Keycloak OpenID Connect Provider
  ## Login: user / photoprism
  ## Admin: admin / photoprism
  keycloak:
    image: quay.io/keycloak/keycloak:20.0
    command: "start-dev" # development mode, do not use this in production!
    container_name: keycloak
    links:
      - "traefik:localssl.dev"
      - "traefik:app.localssl.dev"
    labels:
      - "traefik.enable=true"
      - "traefik.http.services.keycloak.loadbalancer.server.port=8080"
      - "traefik.http.routers.keycloak.entrypoints=websecure"
      - "traefik.http.routers.keycloak.rule=Host(`keycloak.localssl.dev`)"
      - "traefik.http.routers.keycloak.tls.domains[0].main=localssl.dev"
      - "traefik.http.routers.keycloak.tls.domains[0].sans=*.localssl.dev"
      - "traefik.http.routers.keycloak.tls=true"
    environment: # see https://www.keycloak.org/server/all-config
      KEYCLOAK_ADMIN: "admin"
      KEYCLOAK_ADMIN_PASSWORD: "photoprism"
      KC_METRICS_ENABLED: "false"
      KC_HOSTNAME: "keycloak.localssl.dev"
      KC_HOSTNAME_STRICT: "false"
      KC_PROXY: "edge"
      KC_DB: "mariadb"
      KC_DB_URL: "jdbc:mariadb://mariadb:4001/keycloak"
      KC_DB_USERNAME: "keycloak"
      KC_DB_PASSWORD: "keycloak"

  ## Dummy LDAP Directory Server
  ## Docs: https://glauth.github.io/docs/
  dummy-ldap:
    image: glauth/glauth-plugins:latest
    container_name: dummy-ldap
    ports:
      - "127.0.0.1:389:389"
    labels:
      - "traefik.enable=true"
      - "traefik.http.services.ldap.loadbalancer.server.port=5555"
      - "traefik.http.routers.dummy-ldap.entrypoints=websecure"
      - "traefik.http.routers.dummy-ldap.rule=Host(`dummy-ldap.localssl.dev`)"
      - "traefik.http.routers.dummy-ldap.tls.domains[0].main=localssl.dev"
      - "traefik.http.routers.dummy-ldap.tls.domains[0].sans=*.localssl.dev"
      - "traefik.http.routers.dummy-ldap.tls=true"
    volumes:
      - "./.ldap.cfg:/app/config/config.cfg"

  ## Dummy OpenID Connect Provider
  dummy-oidc:
    image: photoprism/dummy-oidc:220405
    container_name: dummy-oidc
    labels:
      - "traefik.enable=true"
      - "traefik.http.services.dummy-oidc.loadbalancer.server.port=9998"
      - "traefik.http.routers.dummy-oidc.entrypoints=websecure"
      - "traefik.http.routers.dummy-oidc.rule=Host(`dummy-oidc.localssl.dev`)"
      - "traefik.http.routers.dummy-oidc.tls.domains[0].main=localssl.dev"
      - "traefik.http.routers.dummy-oidc.tls.domains[0].sans=*.localssl.dev"
      - "traefik.http.routers.dummy-oidc.tls=true"

  ## Dummy WebDAV Server
  dummy-webdav:
    image: photoprism/dummy-webdav:220405
    container_name: dummy-webdav
    environment:
      WEBDAV_USERNAME: admin
      WEBDAV_PASSWORD: photoprism
    labels:
      - "traefik.enable=true"
      - "traefik.http.services.dummy-webdav.loadbalancer.server.port=80"
      - "traefik.http.routers.dummy-webdav.entrypoints=websecure"
      - "traefik.http.routers.dummy-webdav.rule=Host(`dummy-webdav.localssl.dev`)"
      - "traefik.http.routers.dummy-webdav.tls.domains[0].main=localssl.dev"
      - "traefik.http.routers.dummy-webdav.tls.domains[0].sans=*.localssl.dev"
      - "traefik.http.routers.dummy-webdav.tls=true"

## Create named volume for Go module cache
volumes:
  go-mod:
    driver: local

## Create shared "photoprism-develop" network for connecting with services in other docker-compose.yml files
networks:
  default:
    name: photoprism-develop
    driver: bridge